From f998e162b83a538eec8d7e2668f9dd9d3e458589 Mon Sep 17 00:00:00 2001
From: uxairibrar <uxair.ibrar@gmail.com>
Date: Sat, 22 Feb 2025 00:24:29 +0100
Subject: [PATCH 1/7] Account deletion must be confirmed

---
 optimap/settings.py                       |   2 +
 publications/models.py                    |  25 +-
 publications/serializers.py               |  12 +-
 publications/signals.py                   |   3 +-
 publications/templates/user_settings.html | 274 +++++++++++++++-------
 publications/urls.py                      |   4 +-
 publications/views.py                     |  95 +++++++-
 7 files changed, 330 insertions(+), 85 deletions(-)

diff --git a/optimap/settings.py b/optimap/settings.py
index d252053..4bd01b6 100644
--- a/optimap/settings.py
+++ b/optimap/settings.py
@@ -50,6 +50,8 @@
     "sesame.backends.ModelBackend",
 ]
 
+AUTH_USER_MODEL = "publications.CustomUser" 
+
 INSTALLED_APPS = [
     'django.contrib.admin',
     'django.contrib.auth',
diff --git a/publications/models.py b/publications/models.py
index 520aaae..8bdb97d 100644
--- a/publications/models.py
+++ b/publications/models.py
@@ -1,6 +1,9 @@
 from django.contrib.gis.db import models
 from django.contrib.postgres.fields import ArrayField
 from django_currentuser.db.models import CurrentUserField
+from django.utils.timezone import now
+from django.contrib.auth.models import AbstractUser, Group, Permission
+import uuid
 
 STATUS_CHOICES = (
     ("d", "Draft"),
@@ -10,6 +13,25 @@
     ("h", "Harvested"),
 )
 
+class CustomUser(AbstractUser):
+    deleted = models.BooleanField(default=False)
+    deleted_at = models.DateTimeField(null=True, blank=True)
+
+    groups = models.ManyToManyField(Group, related_name="publications_users", blank=True)
+    user_permissions = models.ManyToManyField(Permission, related_name="publications_users_permissions", blank=True)
+
+    def soft_delete(self):
+        """Marks the user as deleted instead of removing from the database."""
+        self.deleted = True
+        self.deleted_at = now()
+        self.save()
+    
+    def restore(self):
+        """Restores a previously deleted user."""
+        self.deleted = False
+        self.deleted_at = None
+        self.save()
+
 class Publication(models.Model):
     # required fields      
     doi = models.CharField(max_length=1024, unique=True)
@@ -88,7 +110,8 @@ class Meta:
 from import_export import fields, resources
 from import_export.widgets import ForeignKeyWidget
 from django.conf import settings
-from django.contrib.auth.models import User
+from django.contrib.auth import get_user_model
+User = get_user_model()
 class PublicationResource(resources.ModelResource):
     #created_by = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='username')
     #updated_by = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='username')
diff --git a/publications/serializers.py b/publications/serializers.py
index 00e9f60..fd430ec 100644
--- a/publications/serializers.py
+++ b/publications/serializers.py
@@ -23,4 +23,14 @@ class Meta:
         fields = ("search_term","timeperiod_startdate","timeperiod_enddate","user_name")
         geo_field = "search_area"
         auto_bbox = True
-        
\ No newline at end of file
+        
+class UserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ["id", "username", "email"] 
+
+    def to_representation(self, instance):
+        """Ensure deleted users are excluded from serialization."""
+        if instance.deleted:  
+            return None 
+        return super().to_representation(instance)
diff --git a/publications/signals.py b/publications/signals.py
index d54655d..3789f50 100644
--- a/publications/signals.py
+++ b/publications/signals.py
@@ -3,7 +3,8 @@
 
 from django.db.models.signals import pre_save
 from django.dispatch import receiver
-from django.contrib.auth.models import User
+from django.contrib.auth import get_user_model
+User = get_user_model()
 from django.conf import settings
 
 @receiver(pre_save, sender=User)
diff --git a/publications/templates/user_settings.html b/publications/templates/user_settings.html
index 2636c33..24e3b9e 100644
--- a/publications/templates/user_settings.html
+++ b/publications/templates/user_settings.html
@@ -1,101 +1,217 @@
-{% extends "base.html" %}
-{% load static %}
-
-{% block navbar %}
+{% extends "base.html" %} {% load static %} {% block navbar %}
 
 <ul class="nav navbar-nav">
-  {% if request.user.is_authenticated %}  
-  {% include "authenticated_menu_snippet.html" %}
-  {% else %}
-  {% include "menu_snippet.html" %}
-  {% endif %}
+  {% if request.user.is_authenticated %} {% include
+  "authenticated_menu_snippet.html" %} {% else %} {% include "menu_snippet.html"
+  %} {% endif %}
 </ul>
 
-{% endblock %}
-
-  {% block content %}
-  <div class="row justify-content-center">
-    <div class="col-4 py-5">
-
-      <div class="accordion m-5" id="user_settings">
-        <div class="card">
-          <div class="card-header" id="headingOne">
-            <h2 class="mb-0">
-              <button class="btn btn-link btn-block text-left" type="button" data-toggle="collapse"
-                data-target="#collapseOne" aria-expanded="true" aria-controls="collapseOne">
-                Change email
-              </button>
-            </h2>
-          </div>
+{% endblock %} {% block content %}
+<div class="row justify-content-center">
+  <div class="col-4 py-5">
+    <div class="accordion m-5" id="user_settings">
+      <div class="card">
+        <div class="card-header" id="headingOne">
+          <h2 class="mb-0">
+            <button
+              class="btn btn-link btn-block text-left"
+              type="button"
+              data-toggle="collapse"
+              data-target="#collapseOne"
+              aria-expanded="true"
+              aria-controls="collapseOne"
+            >
+              Change email
+            </button>
+          </h2>
+        </div>
 
-          <div id="collapseOne" class="collapse show" aria-labelledby="headingOne" data-parent="#user_settings">
-            <div class="card-body">
-              <form class="formchange" method="POST" action="{% url 'optimap:changeuser' %}">
-                {% csrf_token %}
-                <div class="form-group row px-3">
-                  <label for="staticEmail" class="col-form-label">Current email</label>
-                  <div class="col">
-                    <input type="text" readonly class="form-control-plaintext" id="staticEmail" value="{{user.email}}">
-                  </div>
-                </div>
-                <div class="form-group row px-3">
-                  <input id="email_new" placeholder="Enter your new email" class="form-control form-control-sm"
-                    type="email" required="" name="email_new">
+        <div
+          id="collapseOne"
+          class="collapse show"
+          aria-labelledby="headingOne"
+          data-parent="#user_settings"
+        >
+          <div class="card-body">
+            <form
+              class="formchange"
+              method="POST"
+              action="{% url 'optimap:changeuser' %}"
+            >
+              {% csrf_token %}
+              <div class="form-group row px-3">
+                <label for="staticEmail" class="col-form-label"
+                  >Current email</label
+                >
+                <div class="col">
+                  <input
+                    type="text"
+                    readonly
+                    class="form-control-plaintext"
+                    id="staticEmail"
+                    value="{{user.email}}"
+                  />
                 </div>
-                <div class="form-group row px-3">
-                  <button type="submit" class="btn btn-outline-warning">Save Changes</button>
-                  <div class="col-sm-2">
-                    <button type="reset" class="btn btn-outline-danger">Cancel</button>
-                  </div>
+              </div>
+              <div class="form-group row px-3">
+                <input
+                  id="email_new"
+                  placeholder="Enter your new email"
+                  class="form-control form-control-sm"
+                  type="email"
+                  required=""
+                  name="email_new"
+                />
+              </div>
+              <div class="form-group row px-3">
+                <button type="submit" class="btn btn-outline-warning">
+                  Save Changes
+                </button>
+                <div class="col-sm-2">
+                  <button type="reset" class="btn btn-outline-danger">
+                    Cancel
+                  </button>
                 </div>
-              </form>
-            </div>
+              </div>
+            </form>
           </div>
         </div>
+      </div>
 
-        <div class="card">
-          <div class="card-header" id="headingTwo">
-            <h2 class="mb-0">
-              <button class="btn btn-link btn-block text-left collapsed" type="button" data-toggle="collapse"
-                data-target="#collapseTwo" aria-expanded="false" aria-controls="collapseTwo">
-                Delete account
-              </button>
-            </h2>
-          </div>
-          <div id="collapseTwo" class="collapse" aria-labelledby="headingTwo" data-parent="#user_settings">
-            <div class="card-body">
-
-              <p>Deleting account is permenant. It cannot be reversed.</p>
+      <div class="card">
+        <div class="card-header" id="headingTwo">
+          <h2 class="mb-0">
+            <button
+              class="btn btn-link btn-block text-left collapsed"
+              type="button"
+              data-toggle="collapse"
+              data-target="#collapseTwo"
+              aria-expanded="false"
+              aria-controls="collapseTwo"
+            >
+              Delete account
+            </button>
+          </h2>
+        </div>
+        <div
+          id="collapseTwo"
+          class="collapse"
+          aria-labelledby="headingTwo"
+          data-parent="#user_settings"
+        >
+          <div class="card-body">
+            <div class="container">
+              <p
+                class="text-danger font-weight-bold text-wrap text-center mb-3"
+              >
+                Deleting your account is permanent. It cannot be reversed.
+              </p>
 
-              <button type="button" class="btn btn-outline-danger" data-toggle="modal" data-target="#modal1"
-                aria-expanded="false">Delete Account</button>
+              <button
+                type="button"
+                class="btn btn-outline-danger mt-2 px-4 py-2 w-100"
+                data-toggle="modal"
+                data-target="#modal1"
+                aria-expanded="false"
+              >
+                Delete Account
+              </button>
+            </div>
 
-              <div id="modal1" class="modal" tabindex="-1" role="dialog">
-                <div class="modal-dialog" role="document">
-                  <div class="modal-content">
-                    <div class="modal-header">
-                      <h5 class="modal-title">Delete Account</h5>
-                      <button type="button" class="close" data-dismiss="modal" aria-label="Close">
-                        <span aria-hidden="true">&times;</span>
+            <div id="modal1" class="modal" tabindex="-1" role="dialog">
+              <div class="modal-dialog" role="document">
+                <div class="modal-content">
+                  <div class="modal-header">
+                    <h5 class="modal-title">Delete Account</h5>
+                    <button
+                      type="button"
+                      class="close"
+                      data-dismiss="modal"
+                      aria-label="Close"
+                    >
+                      <span aria-hidden="true">&times;</span>
+                    </button>
+                  </div>
+                  <div class="modal-body">
+                    <p>Do you really want to delete this account ?</p>
+                    <p>
+                      <strong>Note:</strong> Your contributed data will remain
+                      available on the platform.
+                    </p>
+                  </div>
+                  <div class="modal-footer">
+                    <form
+                      action="{% url 'optimap:request_delete' %}"
+                      method="post"
+                    >
+                      {% csrf_token %}
+                      <button
+                        type="submit"
+                        class="btn btn-primary"
+                        name="dltbutton"
+                      >
+                        Delete
                       </button>
-                    </div>
-                    <div class="modal-body">
-                      <p>Do you really want to delete this account ?</p>
-                    </div>
-                    <div class="modal-footer">
-                      <form action="{% url 'optimap:delete' %}" method="post">
-                        {% csrf_token %}
-                        <button type="submit" class="btn btn-primary" name='dltbutton'>Delete</button>
-                      </form>
-                      <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
-                    </div>
+                    </form>
+                    <button
+                      type="button"
+                      class="btn btn-secondary"
+                      data-dismiss="modal"
+                    >
+                      Close
+                    </button>
                   </div>
                 </div>
               </div>
             </div>
           </div>
         </div>
+        <!-- Final Confirmation Modal (Only Shows After Clicking Email Link) -->
+        <div id="finalDeleteModal" class="modal fade" tabindex="-1">
+          <div class="modal-dialog">
+            <div class="modal-content">
+              <div class="modal-header">
+                <h5 class="modal-title">Final Confirmation</h5>
+                <button type="button" class="close" data-dismiss="modal">
+                  <span>&times;</span>
+                </button>
+              </div>
+              <div class="modal-body">
+                <div class="container">
+                  <p class="text-wrap text-center mb-3">
+                    Confirming this will permenantly delete your account.
+                  </p>
+                </div>
+                <div class="modal-footer">
+                  <form
+                    method="POST"
+                    action="{% url 'optimap:finalize_delete' %}"
+                  >
+                    {% csrf_token %}
+                    <button type="submit" class="btn btn-danger">
+                      Permanently Delete Account
+                    </button>
+                  </form>
+                  <button
+                    type="button"
+                    class="btn btn-secondary"
+                    data-dismiss="modal"
+                  >
+                    Cancel
+                  </button>
+                </div>
+              </div>
+            </div>
+          </div>
+        </div>
       </div>
     </div>
   </div>
-  {% endblock %}
\ No newline at end of file
+  {% if request.session.delete_token %}
+  <script>
+    window.onload = function () {
+      $("#finalDeleteModal").modal("show"); // Auto-open final confirmation modal
+    };
+  </script>
+  {% endif %} {% endblock %}
+</div>
diff --git a/publications/urls.py b/publications/urls.py
index 9086216..2165da6 100644
--- a/publications/urls.py
+++ b/publications/urls.py
@@ -29,6 +29,8 @@
     path("usersettings/", views.user_settings, name="usersettings"),
     path("subscriptions/", views.user_subscriptions, name="subscriptions"),
     path("addsubscriptions/", views.add_subscriptions, name="addsubscriptions"),
-    path("delete/", views.delete_account, name="delete"),
+    path("request_delete/", views.request_delete, name="request_delete"),
+    path("confirm-delete/<str:token>/", views.confirm_account_deletion, name="confirm_delete"),
+    path("finalize-delete/", views.finalize_account_deletion, name="finalize_delete"), 
     path("changeuser/", views.change_useremail, name="changeuser"),
 ]
diff --git a/publications/views.py b/publications/views.py
index 45c671d..aeb05ce 100644
--- a/publications/views.py
+++ b/publications/views.py
@@ -14,7 +14,6 @@
 from django.contrib import messages
 from django.contrib.auth import login,logout
 from django.views.decorators.http import require_GET
-from django.contrib.auth.models import User
 from django.conf import settings
 from publications.models import Subscription
 from datetime import datetime
@@ -22,6 +21,13 @@
 import time
 from math import floor
 from django_currentuser.middleware import (get_current_user, get_current_authenticated_user)
+from django.urls import reverse
+import uuid
+from django.shortcuts import get_object_or_404
+from django.shortcuts import redirect
+from django.utils.timezone import now
+from django.contrib.auth import get_user_model
+User = get_user_model()
 
 LOGIN_TOKEN_LENGTH  = 32
 LOGIN_TOKEN_TIMEOUT_SECONDS = 10 * 60
@@ -106,7 +112,23 @@ def authenticate_via_magic_link(request: HttpRequest, token: str):
             }
         })
 
-    user, is_new = User.objects.get_or_create(username = email, email = email)
+    user = User.objects.filter(email=email).first()
+
+    if user:
+        if user.deleted:
+            # Create a new user if existing record is found
+            user.deleted = False
+            user.deleted_at = None
+            user.is_active = True  
+            user.save()
+            is_new = False  
+        else:
+            is_new = False  
+    else:
+        # Create a new user if no existing record is found
+        user = User.objects.create_user(username=email, email=email)
+        is_new = True
+
     login(request, user, backend='django.contrib.auth.backends.ModelBackend')
 
     cache.delete(token)
@@ -197,3 +219,72 @@ def get_login_link(request, email):
     cache.set(token, email, timeout = LOGIN_TOKEN_TIMEOUT_SECONDS)
     logger.info('Created login link for %s with token %s - %s', email, token, link)
     return link
+
+
+@login_required
+def request_delete(request):
+    user = request.user
+    token = uuid.uuid4().hex
+
+    cache.set(f"delete_token_{token}", user.id, timeout=3600)
+
+    confirm_url = request.build_absolute_uri(reverse('optimap:confirm_delete', args=[token]))
+
+    send_mail(  
+        'Confirm Your Account Deletion',
+        f'Click the link to confirm deletion: {confirm_url}',
+        'no-reply@optimap.com',
+        [user.email],
+    )
+
+    return redirect(reverse('optimap:usersettings') + '?message=Check your email for a confirmation link.')
+
+@login_required
+def confirm_account_deletion(request, token):
+    user_id = cache.get(f"delete_token_{token}")
+
+    if user_id is None:
+        messages.error(request, "Invalid or expired deletion token.")
+        return redirect(reverse('optimap:usersettings'))
+
+    user = get_object_or_404(User, id=user_id)
+
+    request.session["delete_token"] = token
+
+    messages.warning(request, "Please confirm your account deletion. Your contributed data will remain on the platform.")
+    return redirect(reverse('optimap:usersettings'))  
+
+
+@login_required
+def finalize_account_deletion(request):
+    token = request.session.get("delete_token")
+
+    if not token:
+        messages.error(request, "No active deletion request found.")
+        return redirect(reverse('optimap:usersettings'))
+
+    user_id = cache.get(f"delete_token_{token}")
+
+    if user_id is None:
+        messages.error(request, "Invalid or expired deletion request.")
+        return redirect(reverse('optimap:usersettings'))
+
+    user = get_object_or_404(User, id=user_id)
+
+    if user.deleted:
+        messages.warning(request, "This account has already been deleted.")
+        return redirect(reverse('optimap:usersettings'))
+
+    user.deleted = True
+    user.deleted_at = now()
+    user.save()
+    cache.delete(f"delete_token_{token}") 
+
+    if "delete_token" in request.session:
+        del request.session["delete_token"]
+        request.session.modified = True  
+
+    logout(request)
+
+    messages.success(request, "Your account has been successfully deleted.")
+    return redirect(reverse('optimap:main')) 
\ No newline at end of file

From a22ce1e325c8e9f17ee3b6f7c3f744dc7af37bb0 Mon Sep 17 00:00:00 2001
From: uxairibrar <uxair.ibrar@gmail.com>
Date: Sat, 22 Feb 2025 00:43:39 +0100
Subject: [PATCH 2/7] Fixed error in imports

---
 publications/serializers.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/publications/serializers.py b/publications/serializers.py
index fd430ec..3de2566 100644
--- a/publications/serializers.py
+++ b/publications/serializers.py
@@ -2,6 +2,8 @@
 
 from rest_framework_gis import serializers
 from .models import Publication
+from django.contrib.auth import get_user_model
+User = get_user_model()
 
 from publications.models import Publication,Subscription
 

From 07c85efa656e95de6b01ff180201d27548b0456d Mon Sep 17 00:00:00 2001
From: uxairibrar <uxair.ibrar@gmail.com>
Date: Sat, 15 Mar 2025 15:04:01 +0100
Subject: [PATCH 3/7] Code Refactoring and added more checks

---
 publications/admin.py                     |   4 -
 publications/models.py                    |  10 +--
 publications/templates/base.html          | 104 +++++++++++-----------
 publications/templates/menu_snippet.html  |  58 +++++++-----
 publications/templates/user_settings.html |  21 ++++-
 publications/urls.py                      |   4 +-
 publications/views.py                     |  76 +++++++++++-----
 7 files changed, 167 insertions(+), 110 deletions(-)

diff --git a/publications/admin.py b/publications/admin.py
index 58836a6..5f96f81 100644
--- a/publications/admin.py
+++ b/publications/admin.py
@@ -10,10 +10,6 @@
 from django_q.models import Schedule
 from datetime import datetime, timedelta
 
-
-# Unregister the default User admin
-admin.site.unregister(User)
-
 @admin.action(description="Mark selected publications as published")
 def make_public(modeladmin, request, queryset):
     queryset.update(status="p")
diff --git a/publications/models.py b/publications/models.py
index 261762b..f67f0aa 100644
--- a/publications/models.py
+++ b/publications/models.py
@@ -5,9 +5,6 @@
 from django.contrib.auth.models import AbstractUser, Group, Permission
 import uuid
 from django.utils.timezone import now
-from django.contrib.auth import get_user_model
-
-User = get_user_model()
 
 STATUS_CHOICES = (
     ("d", "Draft"),
@@ -20,7 +17,6 @@
 class CustomUser(AbstractUser):
     deleted = models.BooleanField(default=False)
     deleted_at = models.DateTimeField(null=True, blank=True)
-
     groups = models.ManyToManyField(Group, related_name="publications_users", blank=True)
     user_permissions = models.ManyToManyField(Permission, related_name="publications_users_permissions", blank=True)
 
@@ -110,6 +106,9 @@ class Meta:
         ordering = ['user_name']
         verbose_name = "subscription"
 
+from django.contrib.auth import get_user_model
+User = get_user_model()
+
 class EmailLog(models.Model):
     TRIGGER_CHOICES = [
         ("admin", "Admin Panel"),
@@ -148,8 +147,7 @@ def log_email(cls, recipient, subject, content, sent_by=None, trigger_source="ma
 from import_export import fields, resources
 from import_export.widgets import ForeignKeyWidget
 from django.conf import settings
-from django.contrib.auth import get_user_model
-User = get_user_model()
+
 class PublicationResource(resources.ModelResource):
     #created_by = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='username')
     #updated_by = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='username')
diff --git a/publications/templates/base.html b/publications/templates/base.html
index bb9b7a8..9749d74 100644
--- a/publications/templates/base.html
+++ b/publications/templates/base.html
@@ -1,53 +1,57 @@
 {% load static %}
 <!DOCTYPE html>
 <html lang="en">
-
-<head>
-	<meta charset="utf-8">
-	<meta name="viewport" content="width=device-width, initial-scale=1">
-
-	<title>{% block title %}{% endblock %}OPTIMAP</title>
-	<link rel="icon" type="image/png" href="{% static 'favicon.png' %}">
-
-	<link rel="stylesheet" href="{% static 'css/bootstrap.min.css' %}"/>
-	<link rel="stylesheet" href="{% static 'fontawesome/css/fontawesome.min.css' %}"/>
-	<link rel="stylesheet" href="{% static 'fontawesome/css/solid.min.css' %}"/>
-
-	<script src="{% static 'js/jquery-3.4.1.slim.min.js' %}"></script>
-	<script src="{% static 'js/bootstrap.min.js' %}"></script>
-
-	{% block head %}{% endblock %}
-
-	<link rel="stylesheet" type="text/css" href="{% static 'css/main.css' %}"/>
-</head>
-
-<body>
-
-	<!--Navbar-->
-	<nav class="navbar navbar-expand-sm navbar-dark nav-fill w-100">
-		<div class="container-fluid">
-			<div class="nav navbar-nav">
-				<a class="navbar-brand" href="/">
-					<img src="{% static 'optimap_logo_w.svg' %}" width="100" alt="OPTIMAP logo">
-				</a>
-
-				<span class="text-white tagline">Discover Research. Optimized. On a map.</span>
-			</div>
-
-			{% block navbar %}{% endblock %}
-		</div>
-	</nav>
-
-	<main class="container-fluid">
-		{% block alert %}{% endblock %}
-		
-		{% block content %}{% endblock %}
-	</main>
-
-	{% include 'footer.html' %}
-
-	{% block scripts %}{% endblock %}
-
-</body>
-
-</html>
\ No newline at end of file
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+
+    <title>{% block title %}{% endblock %}OPTIMAP</title>
+    <link rel="icon" type="image/png" href="{% static 'favicon.png' %}" />
+
+    <link rel="stylesheet" href="{% static 'css/bootstrap.min.css' %}" />
+    <link
+      rel="stylesheet"
+      href="{% static 'fontawesome/css/fontawesome.min.css' %}"
+    />
+    <link
+      rel="stylesheet"
+      href="{% static 'fontawesome/css/solid.min.css' %}"
+    />
+
+    <script src="{% static 'js/jquery-3.4.1.slim.min.js' %}"></script>
+    <script src="{% static 'js/bootstrap.min.js' %}"></script>
+
+    {% block head %}{% endblock %}
+
+    <link rel="stylesheet" type="text/css" href="{% static 'css/main.css' %}" />
+  </head>
+
+  <body>
+    <!--Navbar-->
+    <nav class="navbar navbar-expand-sm navbar-dark nav-fill w-100">
+      <div class="container-fluid">
+        <div class="nav navbar-nav">
+          <a class="navbar-brand" href="/">
+            <img
+              src="{% static 'optimap_logo_w.svg' %}"
+              width="100"
+              alt="OPTIMAP logo"
+            />
+          </a>
+
+          <span class="text-white tagline"
+            >Discover Research. Optimized. On a map.</span
+          >
+        </div>
+
+        {% block navbar %}{% endblock %}
+      </div>
+    </nav>
+
+    <main class="container-fluid">
+      {% block alert %}{% endblock %} {% block content %}{% endblock %}
+    </main>
+
+    {% include 'footer.html' %} {% block scripts %}{% endblock %}
+  </body>
+</html>
diff --git a/publications/templates/menu_snippet.html b/publications/templates/menu_snippet.html
index a89b11b..32f6d30 100644
--- a/publications/templates/menu_snippet.html
+++ b/publications/templates/menu_snippet.html
@@ -1,23 +1,39 @@
 <li class="nav-item dropdown">
-    <a class="nav-link dropdown" href="#" id="navbarDarkDropdown1" role="button" data-toggle="dropdown"
-      aria-expanded="false">
-      <i class="fa-solid fa-circle-user fa-3x"></i>
-    </a>
-    <ul class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDarkDropdown1">
-      <span class="dropdown-item-text">New around here? Please login to create a new account.</span>
-      <div class="dropdown-divider"></div>
-      <li class="px-3 py-2">
-        <form class="form" method="POST" action="{% url 'optimap:loginres' %}">
-          {% csrf_token %}
-          <div class="form-group">
-            <input id="email" placeholder="Email" class="form-control form-control-sm" type="email" required=""
-              name="email">
-          </div>
-          <div class="form-group">
-            <button type="submit" class="btn btn-primary btn-block">Login</button>
-          </div>
-        </form>
-      </li>
-    </ul>
+  <a
+    class="nav-link dropdown-toggle"
+    href="#"
+    id="navbarDarkDropdown1"
+    role="button"
+    data-toggle="dropdown"
+    aria-expanded="false"
+  >
+    <i class="fa-solid fa-circle-user fa-3x"></i>
+  </a>
+  <ul
+    class="dropdown-menu dropdown-menu-right"
+    aria-labelledby="navbarDarkDropdown1"
+  >
+    <span class="dropdown-item-text"
+      >New around here? Please login to create a new account.</span
+    >
+    <div class="dropdown-divider"></div>
+    <li class="px-3 py-2">
+      <form class="form" method="POST" action="{% url 'optimap:loginres' %}">
+        {% csrf_token %}
+        <div class="form-group">
+          <input
+            id="email"
+            placeholder="Email"
+            class="form-control form-control-sm"
+            type="email"
+            required=""
+            name="email"
+          />
+        </div>
+        <div class="form-group">
+          <button type="submit" class="btn btn-primary btn-block">Login</button>
+        </div>
+      </form>
+    </li>
+  </ul>
 </li>
-  
\ No newline at end of file
diff --git a/publications/templates/user_settings.html b/publications/templates/user_settings.html
index b8de4a2..8cdec19 100644
--- a/publications/templates/user_settings.html
+++ b/publications/templates/user_settings.html
@@ -161,7 +161,9 @@ <h2 class="mb-0">
           data-parent="#user_settings"
         >
           <div class="card-body">
-            <p>Deleting account is permenant. It cannot be reversed.</p>
+            <p class="text-wrap text-break text-center mb-3">
+              Deleting account is permanent. It cannot be reversed.
+            </p>
 
             <button
               type="button"
@@ -191,7 +193,10 @@ <h5 class="modal-title">Delete Account</h5>
                     <p>Do you really want to delete this account ?</p>
                   </div>
                   <div class="modal-footer">
-                    <form action="{% url 'optimap:delete' %}" method="post">
+                    <form
+                      action="{% url 'optimap:request_delete' %}"
+                      method="post"
+                    >
                       {% csrf_token %}
                       <button
                         type="submit"
@@ -256,10 +261,20 @@ <h5 class="modal-title">Final Confirmation</h5>
     </div>
   </div>
 </div>
+{% if delete_token %}
+<script>
+  document.addEventListener("DOMContentLoaded", function () {
+    let modalShown = sessionStorage.getItem("modal_shown");
+    if (!modalShown) {
+      $("#finalDeleteModal").modal("show");
+      sessionStorage.setItem("modal_shown", "true");
+    }
+  });
+</script>
+{% endif %}
 <script>
   document.addEventListener("DOMContentLoaded", function () {
     let toggle = document.getElementById("notify_new_manuscripts");
-
     if ("{{ profile.notify_new_manuscripts }}" === "True") {
       toggle.checked = true;
     } else {
diff --git a/publications/urls.py b/publications/urls.py
index 2165da6..0a02eaa 100644
--- a/publications/urls.py
+++ b/publications/urls.py
@@ -29,8 +29,8 @@
     path("usersettings/", views.user_settings, name="usersettings"),
     path("subscriptions/", views.user_subscriptions, name="subscriptions"),
     path("addsubscriptions/", views.add_subscriptions, name="addsubscriptions"),
-    path("request_delete/", views.request_delete, name="request_delete"),
+    path("request-delete/", views.request_delete, name="request_delete"),
     path("confirm-delete/<str:token>/", views.confirm_account_deletion, name="confirm_delete"),
-    path("finalize-delete/", views.finalize_account_deletion, name="finalize_delete"), 
+    path("finalize-delete/", views.finalize_account_deletion, name="finalize_delete"),
     path("changeuser/", views.change_useremail, name="changeuser"),
 ]
diff --git a/publications/views.py b/publications/views.py
index e37c1c1..8a0fd21 100644
--- a/publications/views.py
+++ b/publications/views.py
@@ -32,16 +32,18 @@
 from publications.models import UserProfile
 from django.views.decorators.cache import never_cache
 from django.urls import reverse  
+
 LOGIN_TOKEN_LENGTH  = 32
 LOGIN_TOKEN_TIMEOUT_SECONDS = 10 * 60
-
+ACCOUNT_DELETE_TOKEN_TIMEOUT_SECONDS = 10 * 60
+USER_DELETE_TOKEN_PREFIX = "user_delete_token"
 
 def main(request):
     return render(request,"main.html")
 
 def loginres(request):
     email = request.POST.get('email', False)
-
+    
     if is_email_blocked(email):
         logger.warning('Attempted login with blocked email: %s', email)
         return render(request, "error.html", {
@@ -166,7 +168,10 @@ def user_settings(request):
 
         return redirect(reverse("optimap:usersettings"))
 
-    return render(request, "user_settings.html", {"profile": profile})
+    return render(request, "user_settings.html", {
+        "profile": profile,
+        "delete_token": request.session.get(USER_DELETE_TOKEN_PREFIX, None),  # Fetch token from session
+    })
 
 def user_subscriptions(request):
     if request.user.is_authenticated:
@@ -267,65 +272,88 @@ def request_delete(request):
     user = request.user
     token = uuid.uuid4().hex
 
-    cache.set(f"delete_token_{token}", user.id, timeout=3600)
+    cache.set(f"{USER_DELETE_TOKEN_PREFIX}_{token}", user.id, timeout=ACCOUNT_DELETE_TOKEN_TIMEOUT_SECONDS)
 
     confirm_url = request.build_absolute_uri(reverse('optimap:confirm_delete', args=[token]))
 
     send_mail(  
         'Confirm Your Account Deletion',
-        f'Click the link to confirm deletion: {confirm_url}',
+        f'Click the link to confirm deletion: {confirm_url}\n\n'
+        'This link is valid for 10 minutes. If you did not request this, ignore this email.',
         'no-reply@optimap.com',
         [user.email],
     )
 
     return redirect(reverse('optimap:usersettings') + '?message=Check your email for a confirmation link.')
 
-@login_required
+@login_required(login_url='/')
 def confirm_account_deletion(request, token):
-    user_id = cache.get(f"delete_token_{token}")
+    try:
+        user_id = cache.get(f"{USER_DELETE_TOKEN_PREFIX}_{token}")
 
-    if user_id is None:
-        messages.error(request, "Invalid or expired deletion token.")
-        return redirect(reverse('optimap:usersettings'))
+        if user_id is None:
+            messages.error(request, "Invalid or expired deletion token.")
+            return redirect(reverse('optimap:usersettings'))
 
-    user = get_object_or_404(User, id=user_id)
+        # Ensure the logged-in user matches the user stored in the token
+        if request.user.id != user_id:
+            messages.error(request, "You are not authorized to delete this account.")
+            return redirect(reverse('optimap:main'))
 
-    request.session["delete_token"] = token
+        user = get_object_or_404(User, id=user_id)
 
-    messages.warning(request, "Please confirm your account deletion. Your contributed data will remain on the platform.")
-    return redirect(reverse('optimap:usersettings'))  
+        request.session[USER_DELETE_TOKEN_PREFIX] = token
+        request.session.modified = True 
+        request.session.save()  
 
+        messages.warning(request, "Please confirm your account deletion. Your contributed data will remain on the platform.")
+        return redirect(reverse('optimap:usersettings'))
+    except Exception as e:
+        messages.error(request, f"An error occurred: {str(e)}")
+        return redirect(reverse('optimap:usersettings'))
 
-@login_required
+
+@login_required(login_url='/')
 def finalize_account_deletion(request):
-    token = request.session.get("delete_token")
+    token = request.session.get(USER_DELETE_TOKEN_PREFIX)
 
     if not token:
         messages.error(request, "No active deletion request found.")
         return redirect(reverse('optimap:usersettings'))
 
-    user_id = cache.get(f"delete_token_{token}")
+    user_id = cache.get(f"{USER_DELETE_TOKEN_PREFIX}_{token}")
 
     if user_id is None:
         messages.error(request, "Invalid or expired deletion request.")
         return redirect(reverse('optimap:usersettings'))
 
+    if request.user.id != user_id:
+        messages.error(request, "You are not authorized to delete this account.")
+        return redirect(reverse('optimap:main'))
+
     user = get_object_or_404(User, id=user_id)
 
     if user.deleted:
         messages.warning(request, "This account has already been deleted.")
         return redirect(reverse('optimap:usersettings'))
 
-    user.deleted = True
-    user.deleted_at = now()
-    user.save()
-    cache.delete(f"delete_token_{token}") 
+    try:
+        user.deleted = True
+        user.deleted_at = now()
+        user.save()
+    except Exception as e:
+        logger.error(f"Error deleting user {user.email}: {str(e)}")
+        messages.error(request, "An error occurred while deleting your account. Please try again.")
+        return redirect(reverse('optimap:usersettings'))
+
+    # Ensure cleanup occurs even if saving fails
+    cache.delete(f"{USER_DELETE_TOKEN_PREFIX}_{token}")
 
-    if "delete_token" in request.session:
-        del request.session["delete_token"]
+    if USER_DELETE_TOKEN_PREFIX in request.session:
+        del request.session[USER_DELETE_TOKEN_PREFIX]
         request.session.modified = True  
 
     logout(request)
 
     messages.success(request, "Your account has been successfully deleted.")
-    return redirect(reverse('optimap:main')) 
\ No newline at end of file
+    return redirect(reverse('optimap:main'))

From d433809c4570b0309337942b0e695e0165ba839b Mon Sep 17 00:00:00 2001
From: uxairibrar <uxair.ibrar@gmail.com>
Date: Sun, 16 Mar 2025 00:16:32 +0100
Subject: [PATCH 4/7] Added the test case for account deletion

---
 tests/test_account_deletion.py | 65 ++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 tests/test_account_deletion.py

diff --git a/tests/test_account_deletion.py b/tests/test_account_deletion.py
new file mode 100644
index 0000000..e6623d0
--- /dev/null
+++ b/tests/test_account_deletion.py
@@ -0,0 +1,65 @@
+import os
+import django
+import subprocess
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "optimap.settings")
+django.setup()
+from django.test import TestCase, Client
+from django.contrib.auth import get_user_model
+from django.core.cache import cache
+from django.urls import reverse
+import uuid
+User = get_user_model()
+
+class AccountDeletionTests(TestCase):
+    def setUp(self):
+        """Set up a test user and client"""
+        self.client = Client()
+        self.user = User.objects.create_user(username="testuser", email="test@example.com", password="password")
+        self.client.login(username="testuser", password="password")
+        self.delete_token = uuid.uuid4().hex
+        cache.set(f"user_delete_token_{self.delete_token}", self.user.id, timeout=600)
+
+    def test_request_delete_account(self):
+        """Test that a user can request account deletion"""
+        response = self.client.post(reverse("optimap:request_delete"))
+        self.assertEqual(response.status_code, 302)
+        self.assertIn("message=Check%20your%20email", response.url)
+
+    def test_confirm_delete_account(self):
+        """Test that a user can confirm account deletion"""
+        response = self.client.get(reverse("optimap:confirm_delete", args=[self.delete_token]))
+        self.assertEqual(response.status_code, 302)
+        self.assertTrue(self.client.session.get("user_delete_token"))
+
+    def test_finalize_delete_account(self):
+        """Test that a user can finalize account deletion"""
+        session = self.client.session
+        session["user_delete_token"] = self.delete_token 
+        session.save() 
+
+        # Send delete request
+        response = self.client.post(reverse("optimap:finalize_delete"))
+
+        # Fetch user from DB again
+        user = User.objects.filter(id=self.user.id).first()
+
+        self.assertEqual(response.status_code, 302) 
+
+        if user:  
+            self.assertTrue(user.deleted)  
+        else: 
+            self.assertIsNone(user)
+
+    def test_invalid_token(self):
+        """Test invalid or expired deletion token"""
+        response = self.client.get(reverse("optimap:confirm_delete", args=["invalidtoken"]))
+        messages_list = list(response.wsgi_request._messages)     
+        self.assertEqual(response.status_code, 302)
+        self.assertTrue(any("Invalid or expired deletion token" in str(m) for m in messages_list))
+
+    def test_logout_and_click_delete_link(self):
+        """Test scenario where user logs out and clicks deletion link"""
+        self.client.logout()
+        response = self.client.get(reverse("optimap:confirm_delete", args=[self.delete_token]))
+        expected_redirect = reverse("optimap:main")
+        self.assertTrue(response.url.startswith(expected_redirect))

From b7cb0954b85eefc7f11d928432df7502244cb915 Mon Sep 17 00:00:00 2001
From: uxairibrar <uxair.ibrar@gmail.com>
Date: Mon, 17 Mar 2025 00:26:05 +0100
Subject: [PATCH 5/7] Updated Hardcoded email message

---
 publications/views.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/publications/views.py b/publications/views.py
index 8a0fd21..ba1227d 100644
--- a/publications/views.py
+++ b/publications/views.py
@@ -276,10 +276,12 @@ def request_delete(request):
 
     confirm_url = request.build_absolute_uri(reverse('optimap:confirm_delete', args=[token]))
 
-    send_mail(  
+    timeout_minutes = ACCOUNT_DELETE_TOKEN_TIMEOUT_SECONDS//60
+
+    send_mail(
         'Confirm Your Account Deletion',
         f'Click the link to confirm deletion: {confirm_url}\n\n'
-        'This link is valid for 10 minutes. If you did not request this, ignore this email.',
+        f'This link is valid for {timeout_minutes} minutes. If you did not request this, ignore this email.',
         'no-reply@optimap.com',
         [user.email],
     )

From 9c6747cddeb6afd42f6b588d5adf2330ac736cda Mon Sep 17 00:00:00 2001
From: uxairibrar <uxair.ibrar@gmail.com>
Date: Mon, 17 Mar 2025 21:19:37 +0100
Subject: [PATCH 6/7] Added the UI test for Account deletion

---
 tests-ui/test_accountdeletion.py | 66 ++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 tests-ui/test_accountdeletion.py

diff --git a/tests-ui/test_accountdeletion.py b/tests-ui/test_accountdeletion.py
new file mode 100644
index 0000000..3ecff45
--- /dev/null
+++ b/tests-ui/test_accountdeletion.py
@@ -0,0 +1,66 @@
+import os
+import django
+import unittest
+from helium import *
+from time import sleep
+from django.core.cache import cache
+from django.contrib.auth import get_user_model
+
+# Ensure Django settings are configured
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "optimap.settings")
+django.setup()
+
+User = get_user_model()
+
+class AccountDeletionUITest(unittest.TestCase):
+    def setUp(self):
+        """Set up the test user and start browser"""
+        self.email = "testuser@example.com"
+        self.token = "mock-token-12345" 
+        self.delete_token = "mock-delete-token-67890"  
+        
+        User.objects.filter(email=self.email).delete()
+
+        self.user = User.objects.create_user(username=self.email, email=self.email, password="password")
+
+        cache.set(self.token, self.email, timeout=300)  
+        cache.set(f"user_delete_token_{self.delete_token}", self.user.id, timeout=600)  
+
+        # Start browser
+        self.browser = start_firefox("http://localhost:8000", headless=False)
+
+    def test_delete_account(self):
+
+        click(S('#navbarDarkDropdown1'))
+
+        write(self.email,  into='email')
+        click(S('button[type="submit"]'))
+
+        go_to(f"http://localhost:8000/login/{self.token}")  
+        sleep(3)
+
+        go_to("http://localhost:8000/usersettings/")
+        sleep(2)
+
+        click("Delete account")
+        sleep(1)
+
+        click("Delete")
+        sleep(3)
+
+        go_to(f"http://localhost:8000/confirm-delete/{self.delete_token}")
+        sleep(3)
+
+        click("Permanently Delete Account")
+        sleep(3)
+
+        self.user.refresh_from_db()
+        assert self.user.deleted, "User deletion flag was not updated in the database!"
+
+    def tearDown(self):
+        """Close browser after test"""
+        if self.browser:
+            kill_browser()
+
+if __name__ == "__main__":
+    unittest.main()

From 2f5a3d0604388c2e69b6cca77729d98cacc018c0 Mon Sep 17 00:00:00 2001
From: uxairibrar <uxair.ibrar@gmail.com>
Date: Tue, 18 Mar 2025 22:21:30 +0100
Subject: [PATCH 7/7] Updated test case and account deletion view

---
 publications/models.py         |  5 +++++
 publications/views.py          | 20 +++++++++-----------
 tests/test_account_deletion.py | 15 +++++++++++----
 3 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/publications/models.py b/publications/models.py
index f67f0aa..09f43ee 100644
--- a/publications/models.py
+++ b/publications/models.py
@@ -5,6 +5,8 @@
 from django.contrib.auth.models import AbstractUser, Group, Permission
 import uuid
 from django.utils.timezone import now
+import logging
+logger = logging.getLogger(__name__)
 
 STATUS_CHOICES = (
     ("d", "Draft"),
@@ -25,12 +27,15 @@ def soft_delete(self):
         self.deleted = True
         self.deleted_at = now()
         self.save()
+        logger.info(f"User {self.username} (ID: {self.id}) was soft deleted at {self.deleted_at}")
+
     
     def restore(self):
         """Restores a previously deleted user."""
         self.deleted = False
         self.deleted_at = None
         self.save()
+        logger.info(f"User {self.username} (ID: {self.id}) was restored.")
 
 class Publication(models.Model):
     # required fields      
diff --git a/publications/views.py b/publications/views.py
index ba1227d..33db6bd 100644
--- a/publications/views.py
+++ b/publications/views.py
@@ -302,8 +302,6 @@ def confirm_account_deletion(request, token):
             messages.error(request, "You are not authorized to delete this account.")
             return redirect(reverse('optimap:main'))
 
-        user = get_object_or_404(User, id=user_id)
-
         request.session[USER_DELETE_TOKEN_PREFIX] = token
         request.session.modified = True 
         request.session.save()  
@@ -343,19 +341,19 @@ def finalize_account_deletion(request):
         user.deleted = True
         user.deleted_at = now()
         user.save()
+        logout(request)
+        messages.success(request, "Your account has been successfully deleted.")
+        return redirect(reverse('optimap:main'))
+
     except Exception as e:
         logger.error(f"Error deleting user {user.email}: {str(e)}")
         messages.error(request, "An error occurred while deleting your account. Please try again.")
         return redirect(reverse('optimap:usersettings'))
 
-    # Ensure cleanup occurs even if saving fails
-    cache.delete(f"{USER_DELETE_TOKEN_PREFIX}_{token}")
-
-    if USER_DELETE_TOKEN_PREFIX in request.session:
-        del request.session[USER_DELETE_TOKEN_PREFIX]
-        request.session.modified = True  
+    finally:
+        cache.delete(f"{USER_DELETE_TOKEN_PREFIX}_{token}")
 
-    logout(request)
+        if USER_DELETE_TOKEN_PREFIX in request.session:
+            del request.session[USER_DELETE_TOKEN_PREFIX]
+            request.session.modified = True  
 
-    messages.success(request, "Your account has been successfully deleted.")
-    return redirect(reverse('optimap:main'))
diff --git a/tests/test_account_deletion.py b/tests/test_account_deletion.py
index e6623d0..5e1ef5a 100644
--- a/tests/test_account_deletion.py
+++ b/tests/test_account_deletion.py
@@ -40,11 +40,11 @@ def test_finalize_delete_account(self):
         # Send delete request
         response = self.client.post(reverse("optimap:finalize_delete"))
 
+        self.assertEqual(response.status_code, 302) 
+
         # Fetch user from DB again
         user = User.objects.filter(id=self.user.id).first()
 
-        self.assertEqual(response.status_code, 302) 
-
         if user:  
             self.assertTrue(user.deleted)  
         else: 
@@ -59,7 +59,14 @@ def test_invalid_token(self):
 
     def test_logout_and_click_delete_link(self):
         """Test scenario where user logs out and clicks deletion link"""
-        self.client.logout()
+        self.client.logout()  # Log out user
+
         response = self.client.get(reverse("optimap:confirm_delete", args=[self.delete_token]))
+
+        self.assertEqual(response.status_code, 302, "Expected a redirect (302) after clicking the deletion link while logged out.")
+
         expected_redirect = reverse("optimap:main")
-        self.assertTrue(response.url.startswith(expected_redirect))
+        self.assertTrue(
+            response.url.startswith(expected_redirect),
+            f"Expected redirect to {expected_redirect}, but got {response.url}"
+        )